{"title":"The simple location-based authentication method using multi-layer display in Korea","authors":"kwangjong ahn, June-Suh Cho","doi":"10.24052/JBRMR/V13IS04/ART-24","DOIUrl":null,"url":null,"abstract":"Selecting an authentication method appropriate to the environment is the most crucial decision in designing secure systems. In particular, authentication steps such as the login process need particular consideration with respect to security threats. This paper introduces a method of location-based authentication using a multi-layer display, which authenticates PC and mobile users based on location-based information they would carry out anyway. The system generates authentication information on the multi-layer display from users’ current location information captured by smartphones and PCs, together with time and weather information, to authenticate users. We develop a simple model and application showing how to perform location-based authentication on the multi-layer display, and describe the benefits of our method. Our preliminary findings support that this is a meaningful approach, whether used to increase usability or to increase security and simplicity. Corresponding author: June-Suh Cho. Email address for the corresponding author: jscho@hufs.ac.kr. First submission received: 12th April 2019. Revised submission received: 6th May 2019. Accepted: 20th May 2019. Acknowledgement: This study was supported by the Hankuk University of Foreign Studies Research Fund of 2019. Introduction: Security is at all times a major issue in all areas, including the private and public sectors. In particular, authentication steps such as the login process need particular consideration with respect to security threats. In past years, authentication and authorization have been accomplished in many ways. Selecting authentication and authorization methods appropriate to the environment is the most crucial decision in designing secure systems. 
Each authentication method has advantages and disadvantages in terms of security, usability, and breadth of support. Password-based authentication methods, however, do not provide strong security and their use is not recommended. It is recommended that you use a certificate-based authentication method for all network access methods that support the use of certificates. Mobile devices, such as smartphones, are used more and more by Internet users for different services including social network services, online shopping, entertainment, etc. User authentication with ID and password on such devices is not user-friendly and does not offer secure authentication for users. User authentication can be handled using one or more different authentication methods. Some authentication methods, such as plain ID/password authentication, are easily implemented but are in general weak and primitive. The fact that plain password authentication is still by far the most widely used form of authentication gives credence to the seriousness of the lack of security on the Internet, on mobile, and within private networks. Journal of Business and Retail Management Research (JBRMR), Vol. 13 Issue 4 July 2019 www.jbrmr.com A Journal of the Academy of Business and Retail Management (ABRM) 257 Other authentication methods may be more complex and require more time to implement and maintain, but provide strong and reliable authentication (provided one keeps its secrets secret, i.e. private keys and phrases). That being said, one of the key factors to be considered in determining which method of authentication to implement is usability. The usability factor cannot be ignored when designing authentication systems. If the authentication methods are not deemed usable by those forced to utilize them, then they will avoid using the system or persistently try to bypass them. Usability is a key issue. In Korea, various personal authentication methods are used. 
In particular, the public certificate, which is issued by an authorized institution such as a bank or government agency and therefore offers increased safety, is used more than ID and password for most personal authentication, and its use is required on PC or mobile. However, in order to increase safety, certificates often have to be updated and renewed, and they have a limited period of use, which is inconvenient for users. Also, the public certificates used as personal certificates are ActiveX-based, which causes security and usability inconveniences. In this paper, to solve this inconvenience, we propose a method to securely authenticate a person by using location information, without using a public certificate. As the use of mobile phones increases, discussions about personal authentication on mobile phones will continue and will become even more important. The proposed method can be used on both PCs and mobile phones. This paper presents a simple location-based authentication method and system in which authentication information is generated from users’ current location information captured by smartphones and PCs, together with time and weather information, to authenticate users. Background: Authentication and authorization are two of the most important security features for PC as well as mobile transaction systems. With the development of the IT industry, information that can identify an individual is essential for everyday activities such as personal financial transactions, contracts and transactions between individuals and corporations, and contracts between individuals. Recently, researchers have become interested in location-based authentication to improve security. (Jaros & Kuchta, 2010; Jaros & Kuchta, 2011) (Cho et al., 2006; Hachiya & Bandai, 2013) introduced a location-based authentication system using space-dependent information such as the service set identifier (SSID) from WLAN access points. 
(Albayram et al., 2014) proposed a location-based authentication system which builds a location profile for a user based on periodically logged Wi-Fi access point beacons over time and leverages this location. Also, (Li & Bours, 2018) proposed a method to authenticate the user by using collected WiFi and accelerometer data. (Takamizawa & Kaijiri, 2009) proposed and designed an authentication method using location information obtained from mobile telephones that is suitable for web-based education applications. (Jansen & Korolev, 2009) designed a location-based authentication mechanism that involves policy beacons and mobile devices. These policy beacons broadcast and communicate location data to mobile devices using Bluetooth. (Lenzini et al., 2008) analyzed how location information can be used to strengthen access control mechanisms by adding features for defining and enforcing location-based policies. In general, there are five common authentication methods: password and PIN-based authentication, SMS-based authentication, symmetric-key authentication, public-key authentication, and biometric authentication. First, password and PIN-based authentication, in which a password or Personal Identification Number (PIN) is used to log in, is the most common knowledge-based (something you know) authentication method. Second, in SMS-based authentication, SMS is used as a delivery channel for a one-time password (OTP) generated by an information system. The user receives a password through the message shown on the cell phone and enters the password to complete the authentication. Third, in symmetric-key authentication, the user shares a unique, secret key with an authentication server. The user may be required to send a randomly generated message encrypted by the secret key to the authentication server. If the server can match the received encrypted message using its shared secret key, the user is authenticated. 
A slight variation of this approach is the use of OTP tokens, which generate the OTP on the user side for matching with that generated on the server side. Fourth, public-key authentication uses public-key cryptography, which provides an authentication method based on a private and public key pair. A private key is kept secret by the user, while the corresponding public key is commonly embedded in a certificate digitally signed by a certification authority. The certificate is made available to others. Finally, biometric authentication is a method by which a person's authentication information is generated by digitizing measurements of a physiological or behavioral characteristic. Biometric authentication verifies the user's claimed identity by comparing an encoded value with a stored value of the concerned biometric characteristic. (Mahbub et al., 2016) Biometric recognition is largely studied in computer science. The use of biometric techniques, such as the face, fingerprints, iris, and ears, is a solution for obtaining a secure personal authentication method. (Yang & Nanni, 2013) (Ninassi et al., 2018) proposed a method using fingerprint and behavioral biometrics to enhance the security of user authentication. The behavior when entering a pattern-based authentication on the smartphone touch screen is considered a fast and usable solution for users. The names differ slightly between countries around the world, but countries assign numbers to individuals for identification. That is, a personal identification number is assigned for the purpose of providing administration services such as taxation and social security programs such as pensions. 
The United States assigns the Social Security Number (SSN), the United Kingdom the National Insurance Number (NIN), and Australia gives the taxpayer the Tax File Number (TFN). Although these numbers are issued for specific administrative services such as welfare or taxation, they have the function of identifying individuals, like the Korean resident registration number, and they are actually used for that function. In the United States, public institution and corporate sites, except financial sites, can be used just by entering one's name, birthday, address, etc., without a clear authentication system. It is diff","PeriodicalId":236465,"journal":{"name":"Journal of Business & Retail Management Research","volume":"118 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Business & Retail Management Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.24052/JBRMR/V13IS04/ART-24","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2